Tom Keiser schrieb:
Raising thread count is not a solution. More to the point, this patch
introduces a trivially-exploitable (by rxnull conns, no less) thread
DoS against the volume server, and that's just not acceptable.
The solution to this problem needs to happen client-side, period.
Tom,
as you are aware the file server is trivially DoSsable. Even logical and valid
requests from a batch farm of a few thousand clients like ours will lock it up
in no time, which we solved here in a way that's perhaps even more
contentious. A volserver DoS would rarely have a comparable impact, and 7005
can probably be firewalled out from the wild world without much loss.
I agree however that introducing a DoS point even if it's only the 20th or
30th on the list is a filthy habit of the past century. I'll check if that
problem can be fixed on the client side without spaghettitizing the code
significantly - when I get some time!
Until then I nevertheless believe that the patch could go in, be it with a
comment that this demands to be revisited. I would not battle for it, though,
as I agree with with your criticism while ranking it's importance lower.
Cheers, Rainer
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland
Phone: +41 22 767 8985 Fax: +41 22 767 7155
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
